Mitsubishi Electric MELSEC-Q Series Ethernet Interface Module Vulnerabilities

OVERVIEW Security researcher Vladimir Dashchenko of Critical Infrastructure Defense Team, Kaspersky Lab has identified vulnerabilities in the Mitsubishi Electric Automation, Inc. Mitsubishi Electric MELSEC-Q series Ethernet interface modules. NCCIC/ICS-CERT and JPCERT have coordinated the reporte...

CVE-2016-2183

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted...

Opera server breach incident

News Opera server breach incident Share August 26th, 2016 Earlier this week, we detected signs of an attack where access was gained to the Opera sync system. This attack was quickly blocked. Our investigations are ongoing, but we believe some data, including some of our sync users’ passwords and...

France, Germany Call for European Decryption Law

The United States is months removed from this spring’s Apple vs. FBI debacle, but the debate around encryption is just beginning to play out in Europe. A joint press conference held Tuesday in Paris between Germany’s Interior Minister Thomas de Maizière and France’s Interior Minister Bernard...

jenkins: Encrypted secrets (e.g. passwords) were leaked to users with permission to read configuration (SECURITY-266)

Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with extended read access to obtain sensitive password information by reading a job configuration...

Someone is Spying on Researchers Behind VeraCrypt Security Audit

After TrueCrypt mysteriously discontinued itself, VeraCrypt became the most popular open source disk encryption software used by activists, journalists, and privacy conscious people. Due to the huge popularity of VeraCrypt, security researchers from the OSTIF The Open Source Technology Improvemen...

Serious TCP Bug in Linux Systems Allows Traffic Hijacking

A serious vulnerability in the TCP implementation in Linux systems deployed since 2012 version 3.6 of the Linux kernel can be used by attackers to identify hosts communicating over the protocol and ultimately attack that traffic. Researchers from the University of California, Riverside and the U....

[SECURITY] Fedora 24 Update: openssh-7.2p2-12.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

Mozilla Firefox and Firefox ESR Stack Buffer Overflow Vulnerability

Mozilla Firefox is an open source web browser; Firefox ESR is an extended support version of Firefox. A stack buffer overflow vulnerability exists in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API of Mozilla Firefox and Firefox, which allows remote attackers ...

CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

UBUNTU-CVE-2016-2837

Heap-based buffer overflow in the ClearKey Content Decryption Module CDM in the Encrypted Media Extensions EME API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media...

CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

Sql injection

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system b...

Buffer overflow in ClearKey Content Decryption Module (CDM) during video playback — Mozilla

An anonymous security researcher working with Trend Micro's Zero Day Initiative reported a buffer overflow in the ClearKey Content Decryption Module CDM used by the Encrypted Media Extensions EME API. This vulnerability can be triggered using a malformed video file due to incorrect error handling...

New HTTPS URL Leakage Attack Leaves PCs, Macs, Linux Systems Vulnerable

LAS VEGAS — Researchers have found flaws in the Web Proxy AutoDiscovery protocol tied to DHCP and DNS servers that allow hackers spy on HTTPS-protected URLs and launch a myriad of different malicious attacks against Linux, Windows or Mac computers. According to the security firm SafeBreach, this...

CHERRY B.UNLIMITED AES JD-0400EU-2/01 Crypto Issues / Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-031 Product: CHERRY B.UNLIMITED AES Manufacturer: Cherry GmbH Affected Versions: JD-0400EU-2/01 Tested Versions: JD-0400EU-2/01 Vulnerability Type: Cryptographic Issues CWE-310 Missing Protection against Replay Attacks Risk...

Logitech K520 Crypto Issues / Replay Attacks

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2016-044 Product: K520 Keyboard of Wireless Combo MK520 Manufacturer: Logitech Affected Versions: Model Y-R0012 Tested Versions: Model Y-R0012 Vulnerability Type: Cryptographic Issues CWE-310 Insufficient Protection against Replay...

[SECURITY] Fedora 24 Update: openssh-7.2p2-10.fc24

SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forward...

Fedora 24 : ecryptfs-utils (2016-41301e2187)

ecryptfs-utils updated to 111 - fix ecryptfs-setup-swap improperly configures encrypted swap when using GPT partitioning on a NVMe or MMC drive CVE-2016-6224, rhbz1356828 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system...